It is feared that around 974,000 medical patients have been affected by a recent data breach that hit the University of Washington in the US, reports reveal.
Names, medical records, personal information and other health data are believed to have been compromised in the breach, which took place in December of last year.
University of Washington Medicine is currently sending letters of notification and a report on the breach to all potential victims.
According to workers at the hospital, files compromised in the breach did not contain patients’ financial information or social security numbers.
Reagan Dunn, a member of King County Council in Washington State, said:
“This is a breach of data, but it’s also a massive breach of the public’s trust. That’s why I am immediately introducing legislation requesting the County Executive to form a commission to investigate what went wrong, why it happened, and how to ensure this never happens again. The public deserves so much better.”
Councillor Dunn is expected to bring in the legislation next week, and will call upon the County Executive to put together a commission to look into UW Medicine’s potential malpractice.
Speaking on behalf of UW Medicine, Susan Gregg, said:
“UW Medicine became aware of a vulnerability on a website server that made protected internal files available and visible by search on the internet on Dec. 4, 2018.
“The files contained protected health information (PHI) about reporting that UW Medicine is legally required to track, such as reporting to various regulatory bodies in compliance with Washington state reporting requirements.
“We took immediate steps to remove the information from the site and initiated appropriate measures to remove saved information from any third-party sites. At this time, there is no evidence that there has been any misuse or attempted use of the information exposed in this incident.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/